Nurech.B

It ends several processes belonging to security tools, downloads a variant of the Trojan Alanchum and registers itself as an LSP (Layered Service Provider). It spreads via email in a message with an attached file.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:

Feb. 13, 2007

Detection updated on:

May 22, 2007

Statistics

No

Proactive protection:

Yes, using TruPrevent Technologies

Brief Description

Nurech.B is a worm that ends several processes belonging to security tools, such as antivirus programs and firewalls, among others. It also registers itself as an LSP (Layered Service Provider) in order to monitor Internet traffic.

Additionally, it downloads a variant of the Trojan Alanchum into the computer, and has rootkit functionalities, which allow it to hide its own processes.

Nurech.B spreads via email in a message with an attached file that has an EXE extension.

Note: LSP (Layered Service Provider) is a Windows feature that is used to listen to all the TCP/IP traffic taking place between the Internet and the applications that are accessing it (such as the web browser, the email client, etc.).

Within this structure, a number of programs are specified, each of which carries out certain actions on the TCP/IP traffic. For example, a computer security program could be specified to analyze the traffic for viruses or other threats before passing it on to the application it is destined for.

However, this structure can also be used by certain malware to intercept communication across the Internet and, what is worse, if such programs are deleted without taking precautions, the Internet connection will stop working indefinitely.
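The following is an added example, not part of the original description: a Python sketch that reviews a saved copy of the Winsock catalog for layered entries loaded from outside system32 and for chain entries that reference a catalog ID no longer present. The field layout is assumed to match the output of `netsh winsock show catalog`, the sample text and its values are constructed, and treating a dangling chain reference as the result of a careless removal is an assumption made for illustration.

```python
import re

# Constructed, trimmed sample in the layout of `netsh winsock show catalog`
# (field names assumed from that command's output; all values are invented).
SAMPLE = r"""
Winsock Catalog Provider Entry
Entry Type:                         Base Service Provider
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
Entry Type:                         Layered Service Provider
Provider Path:                      C:\ProgramData\example\filter.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              0

Winsock Catalog Provider Entry
Entry Type:                         Layered Chain Entry
Provider Path:                      C:\ProgramData\example\filter.dll
Catalog Entry ID:                   1016
Protocol Chain Length:              2
Protocol Chain:                     1015 : 1001
"""

def parse_catalog(text):
    """Return one dict per catalog entry: id, type, path, chain (list of IDs)."""
    entries = []
    for block in text.split("Winsock Catalog Provider Entry")[1:]:
        f = dict(re.findall(r"^([^:\n]+):[ \t]+(.+?)[ \t]*$", block, re.M))
        chain = [int(x) for x in f.get("Protocol Chain", "").split(":") if x.strip()]
        entries.append({"id": int(f["Catalog Entry ID"]), "type": f["Entry Type"],
                        "path": f["Provider Path"], "chain": chain})
    return entries

def review(entries):
    """Return (IDs of layered entries outside system32, IDs of broken chains)."""
    known = {e["id"] for e in entries}
    system = "%systemroot%\\system32\\"
    # Heuristic only: a layered provider outside system32 deserves a closer look.
    outside = [e["id"] for e in entries
               if e["type"] != "Base Service Provider"
               and not e["path"].lower().startswith(system)]
    # A chain that names a missing catalog ID can no longer be walked end to end.
    broken = [e["id"] for e in entries if any(i not in known for i in e["chain"])]
    return outside, broken

if __name__ == "__main__":
    print(review(parse_catalog(SAMPLE)))
```

Running the review before and after any cleanup shows whether a chain entry was left pointing at a provider that has been removed.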

Visible Symptoms

Nurech.B is easy to recognize, as it reaches the computer in an email message with the following characteristics: